| | |
|---|
| | | import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter; |
|---|
| | | import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl; |
|---|
| | | import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl; |
|---|
| | | import com.ruoyi.common.annotation.Anonymous; |
|---|
| | | import org.springframework.security.web.util.matcher.RequestMatcher; |
|---|
| | | import org.springframework.web.method.HandlerMethod; |
|---|
| | | import org.springframework.web.servlet.mvc.method.RequestMappingInfo; |
|---|
| | | import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; |
|---|
| | | import java.util.HashSet; |
|---|
| | | import java.util.Map; |
|---|
| | | import java.util.Set; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * spring security配置 |
|---|
| | |
|---|
| | | @Autowired |
|---|
| | | private PermitAllUrlProperties permitAllUrl; |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | private RequestMappingHandlerMapping requestMappingHandlerMapping; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 获取所有标注了@Anonymous的URL |
|---|
| | | */ |
|---|
| | | private Set<String> getAnonymousUrls() { |
|---|
| | | Set<String> urls = new HashSet<>(); |
|---|
| | | Map<RequestMappingInfo, HandlerMethod> handlerMethods = requestMappingHandlerMapping.getHandlerMethods(); |
|---|
| | | for (Map.Entry<RequestMappingInfo, HandlerMethod> entry : handlerMethods.entrySet()) { |
|---|
| | | HandlerMethod handlerMethod = entry.getValue(); |
|---|
| | | Anonymous anonymous = handlerMethod.getMethodAnnotation(Anonymous.class); |
|---|
| | | if (anonymous != null) { |
|---|
| | | Set<String> patterns = entry.getKey().getPatternValues(); |
|---|
| | | urls.addAll(patterns); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | return urls; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 身份验证实现 |
|---|
| | | */ |
|---|
| | |
|---|
| | | @Bean |
|---|
| | | protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception |
|---|
| | | { |
|---|
| | | // 获取所有标注了@Anonymous的URL |
|---|
| | | Set<String> anonymousUrls = getAnonymousUrls(); |
|---|
| | | |
|---|
| | | return httpSecurity |
|---|
| | | // CSRF禁用,因为不使用session |
|---|
| | | .csrf(csrf -> csrf.disable()) |
|---|
| | |
|---|
| | | .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler)) |
|---|
| | | // 基于token,所以不需要session |
|---|
| | | .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) |
|---|
| | | // 注解标记允许匿名访问的url |
|---|
| | | .authorizeHttpRequests((requests) -> { |
|---|
| | | permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll()); |
|---|
| | | // 过滤请求 |
|---|
| | | .authorizeRequests() |
|---|
| | | // 对于登录login 注册register 验证码captchaImage 允许匿名访问 |
|---|
| | | requests.antMatchers("/login", "/register", "/captchaImage").permitAll() |
|---|
| | | .antMatchers("/login", "/register", "/captchaImage").permitAll() |
|---|
| | | // 添加标注了@Anonymous的URL到匿名访问列表 |
|---|
| | | .antMatchers(anonymousUrls.toArray(new String[0])).permitAll() |
|---|
| | | // 静态资源,可匿名访问 |
|---|
| | | .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll() |
|---|
| | | .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll() |
|---|
| | | // 除上面外的所有请求全部需要鉴权认证 |
|---|
| | | .anyRequest().authenticated(); |
|---|
| | | }) |
|---|
| | | .anyRequest().authenticated() |
|---|
| | | .and() |
|---|
| | | // 添加Logout filter |
|---|
| | | .logout(logout -> logout.logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler)) |
|---|
| | | // 添加JWT filter |
|---|
